Assets Server REST API - Performing a POST request with a csrf token

Because of improved security measures in the REST API of Assets Server, all data changing APIs only accept POST requests, not GET requests. Also, the POST request needs to include a cross-site request forgery (csrf) token.

Note: For a list of APIs that are affected by this, see the end of this article.

How it works

The csrf token is a unique code which, by including it in the request, also makes the POST request unique and therefore much more secure.

The csrf token is obtained by first logging in to Assets Server through a POST request. The response that is received will include the csrf token which can then be used in subsequent POST requests as a http header: